Is it possible to make a Linux virtual machine appear as the host machine to a network tool like nmap or Blue's Port Scanner without recompiling the kernel?
3 Answers
To be clear--you want to make the guest appear as simply another IP address on the host if fingerprinted? Just set up the mapping between the two as NAT (as opposed to any variation of direct) and that should do exactly what you're looking for.

We do not recommend violating company policies -- that would be unprofessional and is likely to get you fired -- but, if you (1) configure the VM to use NAT or host-only networking instead of bridged networking, and (2) you do not map any inbound ports from the host to the VM, it will not be detected by a port scan. Of course, it could be detected by outbound activity if it connects to any network resource. Your hypervisor will show up in software inventory and the VM's HDD image is on your PC, so you are not immune to a meticulous audit. Bottom line: follow the rules and prosper. – Skyhawk Jul 30 '10 at 15:57
You could try something with iptables, but otherwise TCP/IP networking is built into the kernel in most distros (CONFIG_INET=y) so a recompile would be required.

Is there anything in particular you had in mind with iptables? It's a bit broad to say "try something with iptables". Thanks for the response. – Jeremy Battle May 26 '10 at 14:24
Unfortunately I don't know enough about TCP/IP fingerprinting and iptables to give you any more than a broad "look over there". – Ignacio Vazquez-Abrams May 26 '10 at 16:41
iptables -t nat -A PREROUTING -i <interface> -p tcp --dport <port> -j DNAT --to <guest-ip> That will work for any one service. Most virtualization software also allows you to assign a NIC directly to a VM, which may work. Bridged networking makes the VM appear to be on the same switch port as you, which is what most people want. – Jeff McJunkin Jul 19 '10 at 20:13
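An added example, not part of the original thread: the comments above turn on whether the host maps any inbound ports to the guest. This sketch lists the DNAT forwards found in `iptables-save` output so an administrator can audit which host ports reach a VM. The sample ruleset, addresses and function names are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8022 -j DNAT --to-destination 192.168.122.10:22
-A PREROUTING -i eth0 -p udp -m udp --dport 5353 -j ACCEPT
-A PREROUTING -p tcp -m multiport --dports 80,443 -j DNAT --to-destination 192.168.122.11
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
"""

def option(tokens, *names):
    """Return the argument following the first matching option, or None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def inbound_forwards(ruleset):
    """List DNAT rules in the nat table; each one exposes a guest port on the host."""
    forwards, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):
            table = line[1:]  # section header such as "*nat" or "*filter"
            continue
        if table != "nat" or not line.startswith("-A "):
            continue
        tokens = shlex.split(line)
        if option(tokens, "-j", "--jump") != "DNAT":
            continue
        forwards.append({
            "chain": tokens[1],
            "in_iface": option(tokens, "-i", "--in-interface") or "any",
            "proto": option(tokens, "-p", "--protocol") or "all",
            "ports": option(tokens, "--dport", "--dports") or "all",
            "to": option(tokens, "--to-destination", "--to"),
        })
    return forwards

if __name__ == "__main__":
    for f in inbound_forwards(SAMPLE):
        print("{chain}: {in_iface} {proto}/{ports} -> {to}".format(**f))
```

An empty result means no inbound port is forwarded to a guest; the MASQUERADE rule in the sample is outbound NAT only and is not reported.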
To do this, you'll probably want to find a way with your virtualization solution to directly assign a NIC to the virtual machine. Otherwise, you'll always be going through a network stack of something else other than the VM and there's no guarantee this won't leave some kind of fingerprint.
For example, in Xen, you can use PCI passthrough to give an unprivileged domain access to PCI devices (such as a NIC). (See http://www.wlug.org.nz/XenPciPassthrough for an example.)
